Report - f-3ru.xyz/f/steam/?id=54031

Report Overview

Submitted URL
f-3ru.xyz/f/steam/?id=54031
IP
185.178.208.130
ASN
#57724 Ddos-guard Ltd
Submitted
2022-12-04 11:53:56
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
74

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.149.149.164
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	43 kB	34.120.237.76
f-3ru.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	15 kB	378 kB	185.178.208.130
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	f-3ru.xyz/f/steam/?id=54031	Phishing
2022-12-04	medium	f-3ru.xyz/f/steam/images/logo_steam.svg	Phishing
2022-12-04	medium	f-3ru.xyz/f/steam/?	Phishing
2022-12-04	medium	f-3ru.xyz/f/steam/images/btn_header_installsteam_download.png?v=1	Phishing
2022-12-04	medium	f-3ru.xyz/f/steam/fonts/MotivaSans-Regular.ttf?v=4.015	Phishing
2022-12-04	medium	f-3ru.xyz/f/steam/fonts/MotivaSans-Thin.ttf?v=4.015	Phishing
2022-12-04	medium	f-3ru.xyz/f/steam/?	Phishing
2022-12-04	medium	f-3ru.xyz/f/steam/?id=54031	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed
2022-12-04	medium	f-3ru.xyz	Sinkholed

JavaScript (1)

	URL	Size	First Seen	Last Seen
	f-3ru.xyz/f/steam/?	55 B	2023-03-07	2023-03-14
Pretty URL f-3ru.xyz/f/steam/? IP 185.178.208.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:52:01 Last Seen2023-03-14 11:06:48 Times Seen1 Hash f66781043004313994a2f4c793a2ddb8 401b6581a196070b7d26af66a110fcd27e3149e8 1d3697f780043edfbdded276fa17422470f120c5493ceab4661f240fa84da00b Loading...

HTTP Transactions (47)

URL IP Response Size

f-3ru.xyz/f/steam/?id=54031

185.178.208.130

301 Moved Permanently

568 B

URL HTTP/1.1
f-3ru.xyz/f/steam/?id=54031
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Size
568 B (568 bytes)
Hash
2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /f/steam/?id=54031 HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Sun, 04 Dec 2022 11:53:44 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://f-3ru.xyz/f/steam/?id=54031
Content-Type: text/html; charset=utf8
Content-Length: 568

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10866
Expires: Sun, 04 Dec 2022 14:54:50 GMT
Date: Sun, 04 Dec 2022 11:53:44 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3100
Cache-Control: max-age=170953
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:53:44 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:22:57 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 11:18:24 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2120
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3287
Expires: Sun, 04 Dec 2022 12:48:31 GMT
Date: Sun, 04 Dec 2022 11:53:44 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: IL8dw5HYoFhYWI+zFJPiA+wXakAKedq64AdYa5xJLMLxdTFX9oiGgeiIwOT+8MjzN+qXZOdfu2w=
x-amz-request-id: N7BVJ80S0SY64FBM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 11:46:58 GMT
age: 406
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 11:53:44 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d947cf779f657cb31cc1c7d155c3c249
ea9cc1739522eafc7f45a0afbc41956a130097a1
6a18a3a37bdb44600c50b65f5952c8dbe7e1d8770b6a7dd3f23f7ca2f58aa71a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A18A3A37BDB44600C50B65F5952C8DBE7E1D8770B6A7DD3F23F7CA2F58AA71A"
Last-Modified: Sun, 04 Dec 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21519
Expires: Sun, 04 Dec 2022 17:52:24 GMT
Date: Sun, 04 Dec 2022 11:53:45 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 11:08:58 GMT
cache-control: public,max-age=3600
age: 2687
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3087
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 11:53:45 GMT
Last-Modified: Sun, 04 Dec 2022 11:02:18 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.149.149.164

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.149.164:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: C75ADpl3SlRvuEbMWm+plw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7s9nnnkddSf9o3FhJBTBzard8Mo=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8843
Expires: Sun, 04 Dec 2022 14:21:10 GMT
Date: Sun, 04 Dec 2022 11:53:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8843
Expires: Sun, 04 Dec 2022 14:21:10 GMT
Date: Sun, 04 Dec 2022 11:53:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8843
Expires: Sun, 04 Dec 2022 14:21:10 GMT
Date: Sun, 04 Dec 2022 11:53:47 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5681 bytes)
Hash
43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:38 GMT
age: 50469
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8315 bytes)
Hash
db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6UQ_BhPmpVpe9w6gsExB-EpNq_syeCCK6fr4Y1FFK1jDJh_n1Sd0Eg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:47 GMT
age: 50460
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8989 bytes)
Hash
a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 50626
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10431 bytes)
Hash
2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 50801
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/?w=1280&h=1024

185.178.208.130

302 Found

24 kB

URL HTTP/2
f-3ru.xyz/f/steam/?w=1280&h=1024
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2465)
Size
24 kB (23983 bytes)
Hash
eac39bf884ba6336e51a32af17035069
e397c8dae3f459f15c1052cb84267bf9fde8b7b1
cd4283159347ad29f8f5779395c35b744a84b39ecca9142807562ffccac3f610

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/?w=1280&h=1024 HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 04 Dec 2022 11:53:46 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.36
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
location: ?
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4666 bytes)
Hash
c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 50986
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/css/buttons.css

185.178.208.130

200 OK

3.5 kB

URL HTTP/2
f-3ru.xyz/f/steam/css/buttons.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
3.5 kB (3521 bytes)
Hash
ef43f3d9e557652f7e4df526cb0917e1
ef2d2c3fe4d80bcb54a9266a72969ebddd5818d6
cf97473846d876d9cfcad6cd156c796acbc3d523adb2861106cbe5f5cfbefdf5

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/css/buttons.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 01 Dec 2022 19:56:11 GMT
content-type: text/css
last-modified: Tue, 22 Nov 2022 10:48:41 GMT
vary: Accept-Encoding
etag: W/"637ca909-7f01"
expires: Sun, 15 Jan 2023 19:56:11 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 230256
ddg-cache-status: HIT,MISS
content-length: 3521
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/css/store.css

185.178.208.130

200 OK

22 kB

URL HTTP/2
f-3ru.xyz/f/steam/css/store.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (391)
Size
22 kB (21926 bytes)
Hash
64a023bab707a85e770b00af28c9535e
ee7b1ebae7f009ed36948bad68d929ea51ce9ecd
63c79450da38b8fb6e2561e11dc6b587faca742b0ab641bffe56e605c2dc0d06

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/css/store.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 28 Nov 2022 03:50:11 GMT
content-type: text/css
last-modified: Tue, 22 Nov 2022 10:48:41 GMT
vary: Accept-Encoding
etag: W/"637ca909-1a9b1"
expires: Thu, 12 Jan 2023 03:50:11 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 547416
content-length: 21926
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/css/cart.css

185.178.208.130

200 OK

11 kB

URL HTTP/2
f-3ru.xyz/f/steam/css/cart.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (361)
Size
11 kB (11282 bytes)
Hash
024991eb909f23e4c72d03895ff9212f
8f982df2b30e21531a307b5da3b5b10aa7008aaa
82f0682dca60e4e7d23d4c254fd67e13743e883c0a1ec7e417fe1689e903b1e8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/css/cart.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 29 Nov 2022 13:24:04 GMT
content-type: text/css
last-modified: Tue, 22 Nov 2022 10:48:41 GMT
vary: Accept-Encoding
etag: W/"637ca909-cbbd"
expires: Fri, 13 Jan 2023 13:24:04 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 426583
content-length: 11282
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/css/browse.css

185.178.208.130

200 OK

2.6 kB

URL HTTP/2
f-3ru.xyz/f/steam/css/browse.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
2.6 kB (2632 bytes)
Hash
8e2e3d7f46d729b98c1cb2bcbfc00e6b
51e0669a233de25fb622ce837be8f435fc444c30
8564aa4d45acd475b48bcac276095a10a99cfeec8ff2d884c27095d82e8f7595

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/css/browse.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 28 Nov 2022 03:50:11 GMT
content-type: text/css
last-modified: Tue, 22 Nov 2022 10:48:41 GMT
vary: Accept-Encoding
etag: W/"637ca909-2948"
expires: Thu, 12 Jan 2023 03:50:11 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 547416
content-length: 2632
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/css/shared_global.css

185.178.208.130

200 OK

18 kB

URL HTTP/2
f-3ru.xyz/f/steam/css/shared_global.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (4303)
Size
18 kB (18204 bytes)
Hash
ff7b787d6d8f15926f55d61ccd9cebc3
923b8979127d78cfffc37a0ddde9dde639899f94
a40e045ef49f18925db97bf92cecc927b22df75f1c45d48885b50d21bc7582d4

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/css/shared_global.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 04 Dec 2022 11:25:23 GMT
content-type: text/css
last-modified: Tue, 22 Nov 2022 10:48:41 GMT
vary: Accept-Encoding
etag: W/"637ca909-11c86"
expires: Wed, 18 Jan 2023 11:25:23 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 1704
content-length: 18204
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/logo_valve_footer.png

185.178.208.130

200 OK

1.8 kB

URL HTTP/2
f-3ru.xyz/f/steam/images/logo_valve_footer.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 92 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1846 bytes)
Hash
574c350c7b23ae794d5276f8580e0838
235c7b35c3468f8915eca01f7abdb43d34079609
8b97ba0dac22fe6704c1f6d95fe79613f33017804f256abb9006df0442491787

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/logo_valve_footer.png HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 01 Dec 2022 19:56:11 GMT
content-type: image/png
content-length: 1846
last-modified: Tue, 22 Nov 2022 10:48:43 GMT
etag: "637ca90b-736"
expires: Sun, 15 Jan 2023 19:56:11 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 230256
ddg-cache-status: HIT,MISS
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/css/login.css

185.178.208.130

200 OK

3.8 kB

URL HTTP/2
f-3ru.xyz/f/steam/css/login.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
assembler source, ASCII text
Size
3.8 kB (3766 bytes)
Hash
569cdf3238199479d1e478b8abf0e54d
aee97f93c25dec6d3e1d69a8db86b2e11aa2961f
f1554313906ebd90664e9eed02c50f54e0a8c8d78eb2489de1d94c671a28bacc

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/css/login.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 02 Dec 2022 18:31:01 GMT
content-type: text/css
last-modified: Tue, 22 Nov 2022 10:48:41 GMT
vary: Accept-Encoding
etag: W/"637ca909-3b4e"
expires: Mon, 16 Jan 2023 18:31:01 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 148966
content-length: 3766
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/css/motiva_sans.css

185.178.208.130

200 OK

595 B

URL HTTP/2
f-3ru.xyz/f/steam/css/motiva_sans.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
595 B (595 bytes)
Hash
4fb4cf393293fd323102a35e54dd6251
2b6da0030ba609accb44a6bcd531b19999e8bc7b
3925bc3ff4dc9aaca53b522d482cc7612c7d723b42982e71e7658bb83182a670

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/css/motiva_sans.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 03 Dec 2022 17:10:31 GMT
content-type: text/css
last-modified: Tue, 22 Nov 2022 10:48:41 GMT
vary: Accept-Encoding
etag: W/"637ca909-858"
expires: Tue, 17 Jan 2023 17:10:31 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 67396
content-length: 595
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/header_menu_hamburger.png

185.178.208.130

200 OK

3.8 kB

URL HTTP/2
f-3ru.xyz/f/steam/images/header_menu_hamburger.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 244 x 212, 8-bit/color RGBA, non-interlaced\012- data
Size
3.8 kB (3777 bytes)
Hash
eabc76eb57feae44add7faead028521e
4e3e53938fad15661d2d046a868338841a95db19
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/header_menu_hamburger.png HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 28 Nov 2022 03:50:11 GMT
content-type: image/png
content-length: 3777
last-modified: Tue, 22 Nov 2022 10:48:42 GMT
etag: "637ca90a-ec1"
expires: Thu, 12 Jan 2023 03:50:11 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 547416
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/logo_steam.svg

185.178.208.130

200 OK

1.7 kB

URL HTTP/2
f-3ru.xyz/f/steam/images/logo_steam.svg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
1.7 kB (1731 bytes)
Hash
b8bc485a2f7879d7eba97636bd32c90a
42f0153a784894b2a877002a949b65c3b8ba268d
ff54e8508197ae739940d8d7537398443d7139993f911f017f100d88b5c593d5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/logo_steam.svg HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 28 Nov 2022 03:50:11 GMT
content-type: image/svg+xml
last-modified: Tue, 22 Nov 2022 10:48:43 GMT
vary: Accept-Encoding
etag: W/"637ca90b-e3e"
expires: Thu, 12 Jan 2023 03:50:11 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 547416
content-length: 1731
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/?

185.178.208.130

200 OK

7.9 kB

URL HTTP/2
f-3ru.xyz/f/steam/?
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
data
Size
7.9 kB (7862 bytes)
Hash
660605c544976c8251439e7be70a7719
4fad3c9ea61150e81071206e9c37ddbb18831238
f98ebb7b65d9b7b6e79fdadff647dbe3bfbb88fa4e87a87f33e051d9fc886842

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /f/steam/? HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://f-3ru.xyz/f/steam/?
Connection: keep-alive
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 04 Dec 2022 11:53:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.36
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/blank.gif

185.178.208.130

200 OK

807 B

URL HTTP/2
f-3ru.xyz/f/steam/images/blank.gif
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 1 x 1\012- data
Size
807 B (807 bytes)
Hash
39bc952559e5a8f4e84ba035fb2f7390
4f415467396b4a50149373ca75bcb4c04c2f60b6
8f73ef54efc672061f69ca881fe318dccc6dd67d993cbb8e76e53e52c84ee493

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/blank.gif HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 30 Nov 2022 20:44:52 GMT
content-type: image/gif
content-length: 807
last-modified: Tue, 22 Nov 2022 10:48:42 GMT
etag: "637ca90a-327"
expires: Sat, 14 Jan 2023 20:44:52 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 313735
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/footerLogo_valve_new.png

185.178.208.130

200 OK

2.6 kB

URL HTTP/2
f-3ru.xyz/f/steam/images/footerLogo_valve_new.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 176 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
2.6 kB (2584 bytes)
Hash
86a9ccc0b872f22006a48bc6c2500f4e
0edccf2cbc869816135c6ff4c3eee0c49d0f41c1
d8bbe461137d50211568449468a1981ef189248200eadd48c3141a9df0b8f7fc

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/footerLogo_valve_new.png HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 01 Dec 2022 19:56:12 GMT
content-type: image/png
content-length: 2584
last-modified: Tue, 22 Nov 2022 10:48:42 GMT
etag: "637ca90a-a18"
expires: Sun, 15 Jan 2023 19:56:12 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 230255
ddg-cache-status: HIT,MISS
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/ico_twitter.gif

185.178.208.130

200 OK

1.4 kB

URL HTTP/2
f-3ru.xyz/f/steam/images/ico_twitter.gif
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 16 x 16\012- data
Size
1.4 kB (1419 bytes)
Hash
3d1b1bd2039e20ae67cbfe27d7da1151
e87d089b1c4f1170bb41e7bc903aa73bc9749a02
3dfbda507ea5fb1ed6c358bcc2e595c170ed4293ccb135545f05be3e30f7a0c0

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/ico_twitter.gif HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 01 Dec 2022 14:58:08 GMT
content-type: image/gif
content-length: 1419
last-modified: Tue, 22 Nov 2022 10:48:42 GMT
etag: "637ca90a-58b"
expires: Sun, 15 Jan 2023 14:58:08 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 248139
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/ico_facebook.gif

185.178.208.130

200 OK

1.2 kB

URL HTTP/2
f-3ru.xyz/f/steam/images/ico_facebook.gif
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 16 x 16\012- data
Size
1.2 kB (1171 bytes)
Hash
ed803f2a1aca596a1dce7fdddb969105
c8e5e747a05d5c0b0c8ce61eb4cc8c22a936535f
5f97cfe4186b827737324c19df2fa7f98bb465e6e0893092c683c4ad76d9495b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/ico_facebook.gif HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 29 Nov 2022 13:24:04 GMT
content-type: image/gif
content-length: 1171
last-modified: Tue, 22 Nov 2022 10:48:42 GMT
etag: "637ca90a-493"
expires: Fri, 13 Jan 2023 13:24:04 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 426583
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/logo_steam_footer.png

185.178.208.130

200 OK

2.8 kB

URL HTTP/2
f-3ru.xyz/f/steam/images/logo_steam_footer.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 92 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
2.8 kB (2843 bytes)
Hash
41e851f8e42b6bf3414278871e93e8a2
a3811c7e1157f77950ec1f0558293bc90e432e82
399f74c4e69eac8b59b149293f9a573955fef0a62b242cfa70346070013e0966

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/logo_steam_footer.png HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 02 Dec 2022 18:31:01 GMT
content-type: image/png
content-length: 2843
last-modified: Tue, 22 Nov 2022 10:48:43 GMT
etag: "637ca90b-b1b"
expires: Mon, 16 Jan 2023 18:31:01 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 148966
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/header_logo.png

185.178.208.130

200 OK

11 kB

URL HTTP/2
f-3ru.xyz/f/steam/images/header_logo.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 744 x 171, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10863 bytes)
Hash
a4e79c73ee13cb25b60fc4b0ba1f690c
b690c31b2eb1b0eb085e91aaae7e79f03debe7c1
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/header_logo.png HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 02 Dec 2022 18:31:01 GMT
content-type: image/png
content-length: 10863
last-modified: Tue, 22 Nov 2022 10:48:42 GMT
etag: "637ca90a-2a6f"
expires: Mon, 16 Jan 2023 18:31:01 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 148966
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/join_pc.png

185.178.208.130

200 OK

33 kB

URL HTTP/2
f-3ru.xyz/f/steam/images/join_pc.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 772 x 528, 8-bit/color RGBA, non-interlaced\012- data
Size
33 kB (33338 bytes)
Hash
764b17e1da6963ebc217a49b77a91522
0684a8b6fe9eaf83dc0712902ac5c9721f7e0a42
a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/join_pc.png HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 01 Dec 2022 09:57:21 GMT
content-type: image/png
content-length: 33338
last-modified: Tue, 22 Nov 2022 10:48:43 GMT
etag: "637ca90b-823a"
expires: Sun, 15 Jan 2023 09:57:21 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 266186
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/css/shared_responsive.css

185.178.208.130

200 OK

5.4 kB

URL HTTP/2
f-3ru.xyz/f/steam/css/shared_responsive.css
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (1667)
Size
5.4 kB (5389 bytes)
Hash
7a4d113012429363c1082bf4eafd7676
740bec085def9b56945fdc683a68da098dab83de
6895d4653cc037293cf831fe80bc70c7732d8529de5f79767e77f0df1c6febfc

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/css/shared_responsive.css HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 03 Dec 2022 06:43:05 GMT
content-type: text/css
last-modified: Tue, 22 Nov 2022 10:48:41 GMT
vary: Accept-Encoding
etag: W/"637ca909-3e7a"
expires: Tue, 17 Jan 2023 06:43:05 GMT
cache-control: max-age=3888000
content-encoding: gzip
age: 105042
content-length: 5389
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/favicon.ico

185.178.208.130

200 OK

39 kB

URL HTTP/2
f-3ru.xyz/f/steam/favicon.ico
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel\012- data
Size
39 kB (38554 bytes)
Hash
231913fdebabcbe65f4b0052372bde56
553909d080e4f210b64dc73292f3a111d5a0781f
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/favicon.ico HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/?
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 03 Dec 2022 19:35:17 GMT
content-type: image/vnd.microsoft.icon
content-length: 38554
last-modified: Tue, 22 Nov 2022 10:47:54 GMT
accept-ranges: bytes
ddg-cache-status: HIT,HIT
etag: "969a-5ee0ce780d063"
age: 58710
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/acct_creation_bg.jpg

185.178.208.130

200 OK

56 kB

URL HTTP/2
f-3ru.xyz/f/steam/images/acct_creation_bg.jpg
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1106x919, components 3\012- data
Size
56 kB (55753 bytes)
Hash
f0a93bd3d774b522192de22954ddb0b8
07f5b5a8082716ecaf85446d587df0762dbee2e3
9d347144f3c2a396a44bfc7bbf231fa2185d3e536489811fc6dca3600dce3597

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/acct_creation_bg.jpg HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/css/login.css
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 02 Dec 2022 18:31:02 GMT
content-type: image/jpeg
content-length: 55753
last-modified: Tue, 22 Nov 2022 10:48:42 GMT
etag: "637ca90a-d9c9"
expires: Mon, 16 Jan 2023 18:31:02 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 148965
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/btn_header_installsteam_download.png?v=1

185.178.208.130

200 OK

291 B

URL HTTP/2
f-3ru.xyz/f/steam/images/btn_header_installsteam_download.png?v=1
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 15 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size
291 B (291 bytes)
Hash
a2796187c58c7e948159e37d6990ecc2
4209cd85add507247f9ce5a87a8c9095b54ee417
23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/btn_header_installsteam_download.png?v=1 HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/css/shared_global.css
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 02 Dec 2022 18:31:02 GMT
content-type: image/png
content-length: 291
last-modified: Tue, 22 Nov 2022 10:48:42 GMT
etag: "637ca90a-123"
expires: Mon, 16 Jan 2023 18:31:02 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 148965
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/images/btn_arrow_down_padded.png

185.178.208.130

200 OK

161 B

URL HTTP/2
f-3ru.xyz/f/steam/images/btn_arrow_down_padded.png
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 19 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size
161 B (161 bytes)
Hash
f2dae37acac6b9d5a91caf1885c2f7d0
5f80fdde9f702a1d7589bc5faf88c14066e26c32
93b1fbe4f6245b62bfd4c8c3347abe0fe67ed711315e59bfadaebc9873d8d9b5

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f/steam/images/btn_arrow_down_padded.png HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/css/shared_global.css
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 02 Dec 2022 18:31:02 GMT
content-type: image/png
content-length: 161
last-modified: Tue, 22 Nov 2022 10:48:42 GMT
etag: "637ca90a-a1"
expires: Mon, 16 Jan 2023 18:31:02 GMT
cache-control: max-age=3888000
accept-ranges: bytes
age: 148965
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/fonts/MotivaSans-Regular.ttf?v=4.015

185.178.208.130

200 OK

58 kB

URL HTTP/2
f-3ru.xyz/f/steam/fonts/MotivaSans-Regular.ttf?v=4.015
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 22 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansRegular4.015;Plau;Motiva\012- data
Size
58 kB (57737 bytes)
Hash
6bad05d9d219cc4b08f303db938b8b88
d21e19d83a68272eaf5c37268229f393a4524c99
a0249bf18eb0feefafd6e1efbd2fdd162f775236102950b7bd4b001744e5cf4d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /f/steam/fonts/MotivaSans-Regular.ttf?v=4.015 HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/css/motiva_sans.css
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 03 Dec 2022 20:33:46 GMT
content-type: application/font-sfnt
last-modified: Tue, 22 Nov 2022 10:48:42 GMT
etag: W/"1df3c-5ee0cea54e794"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
age: 55201
content-length: 57737
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/fonts/MotivaSans-Thin.ttf?v=4.015

185.178.208.130

200 OK

54 kB

URL HTTP/2
f-3ru.xyz/f/steam/fonts/MotivaSans-Thin.ttf?v=4.015
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type
TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansThin4.015;Plau;MotivaSan\012- data
Size
54 kB (54112 bytes)
Hash
ed8011c4bdb6f966b1868a402e4af179
3bd7dbdf2ff7c42865c6d2bc3386a0d31648a4e1
31d4fc4bae4b0bf08d5ca544c95030d616323cd1c268d3a266016dab292cd0c1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /f/steam/fonts/MotivaSans-Thin.ttf?v=4.015 HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f-3ru.xyz/f/steam/css/motiva_sans.css
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 03 Dec 2022 20:33:46 GMT
content-type: application/font-sfnt
last-modified: Tue, 22 Nov 2022 10:48:42 GMT
etag: W/"1cfd0-5ee0cea567dd4"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
age: 55201
content-length: 54112
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/?

185.178.208.130

200 OK

0 B

URL HTTP/2
f-3ru.xyz/f/steam/?
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /f/steam/? HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 04 Dec 2022 11:53:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.36
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

f-3ru.xyz/f/steam/?id=54031

185.178.208.130

302 Found

0 B

URL HTTP/2
f-3ru.xyz/f/steam/?id=54031
IP
185.178.208.130:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /f/steam/?id=54031 HTTP/1.1
Host: f-3ru.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 04 Dec 2022 11:53:45 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.36
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: __ddg1_=IQx4KcSeYB14yPyki8L0; Domain=.f-3ru.xyz; HttpOnly; Path=/; Expires=Mon, 04-Dec-2023 11:53:45 GMT
PHPSESSID=a039db5837db36495cdd2a5ccc5b9f6d; path=/
location: ?
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (47)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type